3.1.4.7.2 LsarQueryTrustedDomainInfo (Opnum 39)
The LsarQueryTrustedDomainInfo method is invoked to retrieve information on a trusted domain object.
NTSTATUS LsarQueryTrustedDomainInfo(
  [in] LSAPR_HANDLE PolicyHandle,
  [in] PRPC_SID TrustedDomainSid,
  [in] TRUSTED_INFORMATION_CLASS InformationClass,
  [out, switch_is(InformationClass)]
    PLSAPR_TRUSTED_DOMAIN_INFO* TrustedDomainInformation
);
PolicyHandle: An RPC context handle obtained from either LsarOpenPolicy or LsarOpenPolicy2.
TrustedDomainSid: A security descriptor of the trusted domain object.
InformationClass: Identifies the type of information the caller is interested in.
TrustedDomainInformation: Used to return the information on the trusted domain object to the caller.
Return Values: The following is a summary of the return values that an implementation MUST return, as specified by the message processing that follows.
| Return value/code | Description |
| --- | --- |
| 0x00000000 STATUS_SUCCESS | The request was successfully completed. |
| 0xC0000022 STATUS_ACCESS_DENIED | The caller does not have the permissions to perform this operation. |
| 0xC000000D STATUS_INVALID_PARAMETER | One or more of the supplied parameters was invalid. |
| 0xC0000002 STATUS_NOT_IMPLEMENTED | The specified information class is not supported. |
| 0xC0000003 STATUS_INVALID_INFO_CLASS | The InformationClass argument is outside the allowed range. |
| 0xC0000008 STATUS_INVALID_HANDLE | PolicyHandle is not a valid handle. |
| 0xC00000DF STATUS_NO_SUCH_DOMAIN | The specified trusted domain object does not exist. |
| 0xC00002B1 STATUS_DIRECTORY_SERVICE_REQUIRED | The Active Directory service was not available on the server. |
Processing:
If Active Directory is not running on this machine, the server MUST return STATUS_DIRECTORY_SERVICE_REQUIRED.
This message takes four arguments:
PolicyHandle: An open handle to the policy object. If the handle is not a valid context handle to the policy object or PolicyHandle.HandleType does not equal "Policy", the server MUST return STATUS_INVALID_HANDLE. The server MUST verify that PolicyHandle grants access as specified in section 3.1.4.2.2 with RequiredAccess set as specified in section 3.1.4.7.13.
TrustedDomainSid: The SID of the trusted domain object to query. The server MUST verify that the caller has supplied a valid domain SID for this parameter and fail the request with STATUS_INVALID_PARAMETER if the check fails. The server MUST verify that a trusted domain object with this SID exists in its policy database and fail the request with STATUS_NO_SUCH_DOMAIN otherwise.
InformationClass: A value from the TRUSTED_INFORMATION_CLASS enumeration that specifies which type of information the caller is requesting. Not all values are valid. For values outside the TRUSTED_INFORMATION_CLASS enumeration range, the server MUST reject the request with STATUS_INVALID_PARAMETER. For InformationClass values TrustedControllersInformation, TrustedDomainAuthInformationInternal, TrustedDomainFullInformationInternal, and for any values that would be rejected by an LsarQueryInfoTrustedDomain call, the server MUST reject the request with an implementation-specific error. For all other InformationClass values, the server MUST behave as if it is processing an LsarQueryInfoTrustedDomain call with a trusted domain handle to the trusted domain identified by the TrustedDomainSid parameter.
TrustedDomainInformation: Used to return the requested information.
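The processing rules above written as a decision function that a conformance test can use as an oracle for the status a server should return. This is an added example, not code from the specification. Assumptions: the tdo_query structure and the function name are hypothetical; checks run in the order the text lists them; a failed access check maps to STATUS_ACCESS_DENIED as the return-value table suggests; STATUS_INVALID_INFO_CLASS stands in for the implementation-specific error; the enumeration's numeric values come from its definition, which this section does not reproduce; classes that LsarQueryInfoTrustedDomain itself rejects are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
/* NTSTATUS codes from the return-value table above. */
#define STATUS_SUCCESS                    0x00000000u
#define STATUS_INVALID_INFO_CLASS         0xC0000003u
#define STATUS_INVALID_HANDLE             0xC0000008u
#define STATUS_INVALID_PARAMETER          0xC000000Du
#define STATUS_ACCESS_DENIED              0xC0000022u
#define STATUS_NO_SUCH_DOMAIN             0xC00000DFu
#define STATUS_DIRECTORY_SERVICE_REQUIRED 0xC00002B1u

/* Members used here; values per the enumeration's definition (not on this page). */
enum { TrustedDomainNameInformation = 1,          /* first member */
       TrustedControllersInformation = 2,
       TrustedDomainAuthInformationInternal = 9,
       TrustedDomainFullInformationInternal = 10,
       TrustedDomainSupportedEncryptionTypes = 13 /* last member */ };

/* Hypothetical request state: one flag per check the server MUST make. */
typedef struct {
    bool ad_running;        /* Active Directory is running on the server */
    bool handle_is_policy;  /* valid context handle, HandleType "Policy" */
    bool access_granted;    /* handle grants the RequiredAccess */
    bool sid_is_domain_sid; /* TrustedDomainSid is a valid domain SID */
    bool tdo_exists;        /* a trusted domain object with that SID exists */
    int  info_class;        /* InformationClass as received */
} tdo_query;

/* Status the server returns; the check order is an assumption (see lead-in). */
uint32_t query_trusted_domain_info_status(const tdo_query *q) {
    if (!q->ad_running)        return STATUS_DIRECTORY_SERVICE_REQUIRED;
    if (!q->handle_is_policy)  return STATUS_INVALID_HANDLE;
    if (!q->access_granted)    return STATUS_ACCESS_DENIED;
    if (!q->sid_is_domain_sid) return STATUS_INVALID_PARAMETER;
    if (!q->tdo_exists)        return STATUS_NO_SUCH_DOMAIN;
    if (q->info_class < TrustedDomainNameInformation ||
        q->info_class > TrustedDomainSupportedEncryptionTypes)
        return STATUS_INVALID_PARAMETER;   /* outside the enumeration range */
    if (q->info_class == TrustedControllersInformation ||
        q->info_class == TrustedDomainAuthInformationInternal ||
        q->info_class == TrustedDomainFullInformationInternal)
        return STATUS_INVALID_INFO_CLASS;  /* assumed implementation-specific error */
    return STATUS_SUCCESS;  /* continues as LsarQueryInfoTrustedDomain processing */
}

int main(void) {   /* constructed sample: a request for an internal class */
    tdo_query q = { true, true, true, true, true, TrustedDomainAuthInformationInternal };
    return query_trusted_domain_info_status(&q) == STATUS_INVALID_INFO_CLASS ? 0 : 1;
}
```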